17 matches found

OSV
added 6 days ago | 3 views

DEBIAN-CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 1
OSV
added 2026/03/31 6:16 p.m. | 0 views

DEBIAN-CVE-2026-32725

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses "....

CVSS 8.3 | AI score 5.3 | EPSS 0.00268
Exploits: 1 | References: 1
Cvelist
added 2024/11/25 3:54 a.m. | 22 views

CVE-2024-11483 Automation-gateway: aap-gateway: improper scope handling in oauth2 tokens for aap 2.5

A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While th...

CVSS 5 | EPSS 0.0008
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:1 a.m. | 0 views

SUSE CVE-2016-5172

The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code...

CVSS 6.5 | AI score 6.7 | EPSS 0.0113
Exploits: 0 | References: 7
Veracode
added 2018/07/04 8:38 a.m. | 29 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to an incorrect scope handling during the emitting of byte code which could cause memory corruption and allow an attacker to execute code in the context of the current user. This CVE ID is different from CVE-2018-0758,...

CVSS 7.5 | AI score 7.9 | EPSS 0.77751
Exploits: 26 | References: 6 | Affected Software: 2
seebug.org
added 2018/01/22 12:0 a.m. | 49 views

Microsoft Edge: Chakra: Incorrect scope handling(CVE-2018-0774)

PoC: function funcarg = function printfunc; // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. printfunc; function func ; Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode. functi...

CVSS 7.6 | AI score 7.4 | EPSS 0.73993
Exploits: 20
0day.today
added 2018/01/18 12:0 a.m. | 32 views

Microsoft Edge Chakra - Incorrect Scope Handling Exploit

Exploit for windows platform in category dos / poc // PoC: function funcarg = function printfunc; // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. printfunc; function func ; // Chakra fails to distinguish whether the function is referenced in the...

CVSS 7.6 | AI score 7.5 | EPSS 0.73993
Exploits: 20
exploitpack
added 2018/01/17 12:0 a.m. | 16 views

Microsoft Edge Chakra - Incorrect Scope Handling

Microsoft Edge Chakra - Incorrect Scope Handling // PoC: function funcarg = function printfunc; // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. printfunc; function func ; // Chakra fails to distinguish whether the function is referenced in the...

AI score 0.5
Exploits: 0
Packet Storm
added 2018/01/17 12:0 a.m. | 34 views

Microsoft Edge Chakra Incorrect Scope Handling

Microsoft Edge: Chakra: Incorrect scope handling CVE-2018-0774 PoC: function funcarg = function printfunc; // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. printfunc; function func ; Chakra fails to distinguish whether the function is referenced i...

CVSS 7.6 | AI score 0.4 | EPSS 0.73993
Exploits: 20
Exploit DB
added 2018/01/17 12:0 a.m. | 24 views

Microsoft Edge Chakra - Incorrect Scope Handling

// PoC: function funcarg = function printfunc; // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function. printfunc; function func ; // Chakra fails to distinguish whether the function is referenced in the param scope and ends up to emit an invalid opcode...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2015/05/20 12:0 a.m. | 38 views

SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)

This glibc update fixes a critical privilege escalation problem and the following security and non-security issues: - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find. An exploit that targets the problem is publicly available. CVE-2014-5119 -...

CVSS 7.5 | AI score 7.8 | EPSS 0.21511
Exploits: 6 | References: 15
Tenable Nessus
added 2013/09/19 12:0 a.m. | 31 views

Firefox ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.9 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - Multiple...

CVSS 10 | AI score 7.7 | EPSS 0.33161
Exploits: 0 | References: 14
Tenable Nessus
added 2013/09/19 12:0 a.m. | 32 views

Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird ESR 17.x is prior to 17.0.9 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - Multiple...

CVSS 10 | AI score 8.7 | EPSS 0.33161
Exploits: 0 | References: 14
Tenable Nessus
added 2013/09/19 12:0 a.m. | 23 views

Mozilla Thunderbird ESR 17.x < 17.0.9 Multiple Vulnerabilities

The installed version of Thunderbird ESR 17.x is earlier than 17.0.9 and is, therefore, potentially affected by the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - Multiple...

CVSS 10 | AI score 8.7 | EPSS 0.33161
Exploits: 0 | References: 14
NVD
added 2013/09/18 10:8 a.m. | 11 views

CVE-2013-1725

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

CVSS 6.8 | AI score 7.5 | EPSS 0.02856
Exploits: 0 | References: 18
Prion
added 2013/09/18 10:8 a.m. | 14 views

Design/Logic Flaw

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

CVSS 6.8 | AI score 8.1 | EPSS 0.02856
Exploits: 0 | References: 18 | Affected Software: 5
RedHat Linux
added 2013/09/17 7:33 p.m. | 1 views

Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

CVSS 6.8 | AI score 6.9 | EPSS 0.02856
Exploits: 0 | References: 5